CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

142 matches found

Hestiacp <= 1.7.7 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. id: CVE-2023-3479 info: name: Hestiacp = 1.7.7 - Cross-Site Scripting author: edoardottt severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository hestiacp/hestiacp prior to...

6.1CVSS5.9AI score0.01277EPSS

Exploits1References3

NVD•added 2026/05/19 2:16 p.m.•9 views

CVE-2026-43633

HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated remote attackers to achieve root-level code execution. Attackers can inject crafted data into HTTP...

10CVSS0.01072EPSS

Exploits0References5

Vulnrichment•added 2026/05/19 1:33 p.m.•10 views

CVE-2026-43634 HestiaCP 1.2.0-1.9.4 IP Spoofing via CF-Connecting-IP Header

HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's...

8.7CVSS6AI score0.00241EPSS

Exploits0References5

EUVD•added 2026/05/19 1:33 p.m.•13 views

EUVD-2026-30935

10CVSS6AI score0.01072EPSS

Exploits0References5

CVE•added 2026/05/19 1:33 p.m.•14 views

CVE-2026-43634

CVE-2026-43634 affects HestiaCP versions 1.2.0–1.9.4. The vulnerability is an IP spoofing flaw: unauthenticated attackers can send arbitrary IPs via the CF-Connecting-IP header, bypassing authentication controls and Cloudflare network verification. This can defeat fail2ban brute-force protections...

8.7CVSS6AI score0.00241EPSS

Exploits0References5

EUVD•added 2026/05/19 1:29 p.m.•9 views

EUVD-2026-30933

10CVSS6.2AI score0.01072EPSS

Exploits0References5

ATTACKERKB•added 2026/05/19 1:29 p.m.•8 views

CVE-2026-43633

10CVSS6.2AI score0.01072EPSS

Exploits0References6Affected Software1

CNNVD•added 2026/05/19 12:0 a.m.•10 views

HestiaCP 代码问题漏洞

HestiaCP is a lightweight and powerful control panel suitable for modern networks. Versions 1.9.0 to 1.9.4 of HestiaCP have code vulnerabilities. These vulnerabilities stem from deserialization in the Web terminal component, allowing unauthenticated remote attackers to execute root-level code...

10CVSS6AI score0.01072EPSS

Exploits0References1

Positive Technologies•added 2026/05/19 12:0 a.m.•10 views

PT-2026-41935

Name of the Vulnerable Software and Affected Versions HestiaCP versions 1.2.0 through 1.9.4 Description An IP spoofing issue allows unauthenticated remote attackers to bypass authentication security controls. This occurs when the system accepts an arbitrary IP address provided in the...

8.7CVSS6AI score0.00241EPSS

Exploits0References9

Positive Technologies•added 2026/05/19 12:0 a.m.•12 views

PT-2026-41897

Name of the Vulnerable Software and Affected Versions HestiaCP versions 1.9.0 through 1.9.4 Description A deserialization issue exists in the web terminal component due to a session format mismatch between PHP and Node.js. This allows unauthenticated remote attackers to achieve root-level code...

10CVSS6.3AI score0.01072EPSS

Exploits0References10

CNNVD•added 2026/05/19 12:0 a.m.•9 views

HestiaCP 安全漏洞

HestiaCP is an open-source control panel designed for modern networks, offering a lightweight yet powerful solution. Versions 1.2.0 to 1.9.4 of HestiaCP contain security vulnerabilities. These vulnerabilities stem from an IP spoofing vulnerability, allowing unauthorized remote attackers to bypass...

8.7CVSS5.9AI score0.00241EPSS

Exploits0References1